Record security based on option set value - dynamics-crm

For the accounts entity I have different account types.
However I need to make some of these records read only only based on the account type, as these records will be slaved in CRM.
However the user should still have ability to create other types of accounts that will be mastered in CRM.
I was thinking to do this via security role however when giving create or edit permission on the account entity user can still create accounts of any type or edit existing slaved data.
What would be the best way to make slaved data read only?
Use business rules to lock all fields based on the type?

Like you said, this cannot be achieved with security role, since the requirement is based on a field value.
Disabling all the form fields in bulk - You can do this in javascript quickly, or may be with Business rules one by one. Verify the field value on form load for your certain slaved value account type, then disable the controls by iterating each one of them.
Still subgrid, webresource, iframes will be editable.

Related

In QuickBase, is there a way to make one field have unique user access?

I'm the QuickBase Admin for my QuickBase app. In the app, there's a dashboard report that's used by individuals with viewer access; that way, they can see their students' data, but can't edit the app, tables, structures, etc.
My app's users want to be able to edit one field with notes on that row's data (each row is a student's data, so they'd want to use that field to add notes on that individual), but viewers don't have editing/data entry access tn any column. Is there a way for users to have editing/data entry access to one field, but not the others?
I know with Tableau and other BI software, this isn't possible, but I wanted to ask since my users asked.
Thank you for reading.
Sure you can.
Actually there are more ways to implement this needs.
My opinion better if you create a new table and make a relationship between the student data and a (new) Notes table and you will be able to setup edit rights eg by record owner.
An other way, you can allow the edit right for your users and you can make a restriction on field level. In this case you have to go through on each field and at the Advanced section you will find Permission - Restrict access by role.
Hopefully you do not have a lot of fields :)

How to filter data in CDS(powerapps) to restrict unauthorized users

I have created a custom entity in common data services(CDS) that streams in data from a survey.
I'll however need to give access to the data to various people. In my dataset, I have a column called community, which should represent which people have access to what data based on the community they've entered the column.
How exactly can I filter the data, after it has streamed in to ensure I only give access to people of a particular community. And yes every community is exclusive, no two people can be in two different communities.
I want to filter by the community, such that those in community A see only A and not B or C.
There’s no straight one step OOB configuration to achieve this. Because the row level security depends on the column value ie. community field value of each record.
One way is to create owner teams and add the users to right teams, then the custom entity record has to be owned by respective team - owner team of each custom entity record can be filled/assigned automatically based on the community field value on create using plugin/workflow/Flow.
Most important, in security role for that custom entity - read privilege has to be given only for user level. Assign the security role to Teams.

Dynamic parameters for views in Dynamics 365

I have a Account Relationship entity with two lookup fields called Recipient Account and Guide Account. I would like to be able to go on an Account and see all records where the Account Relationship's Recipient Account and Guide Account are set to the account I'm viewing.
In CRM, I can definitely create a view to fetch all account relationships on the Account Relationship entity and then inside the Account entity's form I can include the view with the data source set to Related Records Only and the entity set to Account Relationship (Recipient Account). But I can't do both in a single view.
Through what mechanism can I have it all be in one view? One thing I was considering was creating separate grids, one for Recipient Account and another for Guide Account. But I want to know if there is a mechanism where I can combine all records that have "Recipient Account = Current Account or Guide Account = Current Account" that is basically the query I want to run.
You could use connections. It's pretty flexible and will fulfill your needs as long they stay simple. That's the only viable option I see aside from using two views.
Keep only one subgrid of Account Relationship N:N intersect entity (either Guide account or Recipient account relation)
Register RetrieveMultiple pre-operation plugin to intercept the query & pass the custom fetchxml query by incorporating or filter
Fetchxml has to be built something like explained
Try this unrecommended if you wish but two grids are better choice. This alternate solution also you can try.

Access rights for the users in a team

I have users in a team having access to particular fields on lead, opportunity and account entities. I have few users who are in team they just need access to fields on lead and Opportunity entity not on account ?
I thought Ill use field level security on the fields to achieve this, having field level security will have effect other functionality in the system. Any thoughts on how to achieve this ?
Breaking down CRM security levels:
Role level - Entity level (e.g. access to Lead but not marketing list)
Record level - Read/Write/Access (e.g. read lead record but not modify them)
Field level - Field level show/hide (e.g. hide a lead's account field for certain users or team).
In your case, it depends on what defines having access (is it more of a don't need to see or a should not see scenario). If it is just a case of a set of users don't have to deal with certain fields use different CRM forms for different teams, if it is a case of they should not be seeing the data use field level security.
This also would hopefully answer "having field level security will have effect other functionality in the system?" questions, if field level security is implemented, the fields which are restricted read won't show up in the advanced find queries or reports for the users who are not assigned the field level security profiles. Also once you have secured the field, every new user or team needs the field level security profile assigned, else they won't be able to see the field.

CRM 2011 lookup attribute mapping

Is it possible to set null/blank lookup values on relationships in CRM 2011 when they open from the parental/referrential entity?
Example, if you create a new 1:N relationship between the entities opportunity and account holding an agency value. When creating a new opportunity from an account, this account is prefilled in both the potential customer lookup field and the agency lookup field.
This can easily be remedied with a javscript, clearing the field onload, but can this be done earlier, in the attribute mapping, or is it always a post-fix to correct the default action?
I had the same issue in Crm 4. So I suppose it still exists in 2011.
You cannot remove the relationship mapping of the primary attribute, though I've never understood why this automatically maps to fields of different relationships.
In this case you are just best off using JavaScript to perform the following logic:
If the form is in create mode and both fields contain the same value then clear the duplicated field.
This logic should ensure that it only clears the fields in this circumstance.
This is not possible without Javascript.
MS CRM doesn't give you an option to counter the autofill of the mapped field. It will always be automatically filled in by the system.

Resources